⚡️ Run a static analysis of your module's dependencies.
- Node.js version 16 or higher
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ npm i @nodesecure/scanner
# or
$ yarn add @nodesecure/scanner
import * as scanner from "@nodesecure/scanner";
import fs from "fs/promises";
// CONSTANTS
const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];
const payloads = await Promise.all(
kPackagesToAnalyze.map((name) => scanner.from(name))
);
const promises = [];
for (let i = 0; i < kPackagesToAnalyze.length; i++) {
const data = JSON.stringify(payloads[i], null, 2);
promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
}
await Promise.allSettled(promises);
See types/api.d.ts
for a complete TypeScript definition.
function cwd(path: string, options?: Scanner.Options): Promise<Scanner.Payload>;
function from(packageName: string, options?: Scanner.Options): Promise<Scanner.Payload>;
function verify(packageName: string): Promise<Scanner.VerifyPayload>;
Options
is described with the following TypeScript interface:
interface Options {
readonly verbose?: boolean;
readonly maxDepth?: number;
readonly usePackageLock?: boolean;
readonly vulnerabilityStrategy: Strategy.Kind;
}
Thanks goes to these wonderful people (emoji key):
Gentilhomme 💻 📖 👀 🛡️ 🐛 |
Tony Gorez 💻 📖 👀 🐛 |
Haze 💻 |
MIT